[Security] FTPeS Trial


Thursday, July 9th, 2009 - Security

I have disabled regular FTP logins for a couple of our servers as part of a test of this procedure.

Users who are unable to access FTP through their previously selected configuration should update their configuration to use FTPeS.

For instructions on how to do this with the popular FileZilla FTP client, see our guide.

As always, if you have any questions concerning this, please feel free to submit a support ticket at:

http://www.amshelp.com

Steven


[Security] FTPeS guide


Tuesday, July 7th, 2009 - Security

I have posted a howto guide on how to enable FTPeS with the FileZilla FTP client. Read the guide here. To download FileZilla head on over to their website for a download link.

Steven


[Security] FTP over SSL


Monday, July 6th, 2009 - Security

Due to an increased number of FTP hacks on our servers and through reading thoughts from others in the webhosting industry, we may disable FTP unencrypted logins. This is accomplished by only allowing FTP over TLS, which encrypts the login information as it is sent across the wire from your computer to the server.

Currently you are allowed to use FTP over TLS; you just must enable it in your FTP program. This proposed change would require you to use FTP over TLS in order to log in via FTP. I will work on making a tutorial guide that shows how to do this and will make that available before this change is made to our servers.

If you want to take a look at your current FTP program and try to figure this out, look for an option called FTP over explicit TLS, FTPeS, or it may just be FTPS.

There are two types of FTP over TLS: FTP over implicit TLS and FTP over explicit TLS. FTP over implicit TLS is a dated standard and really isn’t used much any more. For this to work on our servers, you must use FTP over explicit TLS, but if you are using a newer FTP program, it may not have the option for FTP over implicit TLS and therefore may just list FTPS as an option.

Steven
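
An added example, not part of the original post or the host's own tooling: a Python check that a server advertises explicit TLS (`AUTH TLS` in its `FEAT` reply) and refuses a `USER` command sent before TLS is negotiated. The loopback server, its reply texts and the placeholder user name `tls-policy-check` are constructed for the demonstration.

```python
import ftplib
import socketserver
import threading

def audit_ftp_tls(host, port=21, timeout=5.0):
    """Check that a server offers explicit TLS and refuses a cleartext USER."""
    ftp = ftplib.FTP(timeout=timeout)
    ftp.connect(host, port)
    try:
        try:
            feat = ftp.sendcmd("FEAT")
        except (ftplib.error_temp, ftplib.error_perm):
            feat = ""  # server does not implement FEAT
        lines = [l.strip().upper() for l in feat.splitlines()]
        offers_tls = any(l.startswith("AUTH") and "TLS" in l for l in lines)
        try:
            # Placeholder user name only; no password is ever sent.
            ftp.sendcmd("USER tls-policy-check")
            refused = False  # 3xx reply: cleartext login is still accepted
        except (ftplib.error_temp, ftplib.error_perm):
            refused = True   # 4xx/5xx reply: login refused before AUTH TLS
    finally:
        ftp.close()
    return {"offers_explicit_tls": offers_tls,
            "refuses_cleartext_login": refused}

def constructed_server(enforce_tls):
    """Loopback stand-in for an FTP daemon (constructed, minimal replies)."""
    class Handler(socketserver.StreamRequestHandler):
        def handle(self):
            self.wfile.write(b"220 constructed test server\r\n")
            for raw in self.rfile:
                cmd = raw.strip().upper()
                if cmd == b"FEAT":
                    self.wfile.write(b"211-Features:\r\n AUTH TLS\r\n211 End\r\n")
                elif cmd.startswith(b"USER"):
                    self.wfile.write(b"550 TLS required\r\n" if enforce_tls
                                     else b"331 Password required\r\n")
                else:
                    self.wfile.write(b"502 Not implemented\r\n")
    srv = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def run_demo(enforce_tls):
    srv = constructed_server(enforce_tls)
    try:
        return audit_ftp_tls("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()
```

A server that still answers the cleartext `USER` with a password prompt has TLS available but not required, which is the state described above before the proposed change.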


[Security] Password Compromises


Wednesday, October 1st, 2008 - Security

We are seeing a sharp increase in the number of accounts that are being compromised and hacked into via FTP where a hacker has gained access to the username and password of an account.

I do not know how this is being done, but it does underscore the importance of using a strong and secure password for your webhosting account.

I am encouraging all users to log into their control panel and change the password of their account now before their account is compromised. Using a strong and secure password will be beneficial in keeping your account safe. I also recommend changing your password often and storing your password in a safe and secure location. For instructions on changing your account password see:

http://manual.amstechdns.com/changepassword

It is also a good idea to ensure that your anti-virus program on your computer is up-to-date and kept up-to-date. I would also recommend routinely running anti-spyware and anti-trojan detection software on your computer. It is possible that these compromises are a result of your personal or work computer being infected with something that is harvesting your account credentials.

This is just a heads up regarding this issue. We are looking for ways to minimize the effects of this from our end, but ultimately if your password is insecure or the security of your local computer is in question then there is nothing we can do to stop this type of activity.

Scott


[Security] Outdated WordPress installs to be disabled


Thursday, September 18th, 2008 - Security

We still have about 82 percent of the WordPress installs that were written a couple of weeks ago that have not been updated to 2.6.1 or later. I am going to have to begin disabling these installs because these older versions do not need to stay active indefinitely.

I will only be disabling WordPress installs that are older than 2.5.1. If you are using WordPress 2.5.1 or later, then you won’t have your install disabled. You really still need to upgrade to WordPress 2.6.2, but at this time I am not going to make any changes as long as you are running WordPress 2.5.1 or later.

If you insist on continuing to run a WordPress install that is older than 2.5.1, then I implore you to please contact the WordPress developers or visit their support community at:

http://wordpress.org/support

Running anything less than 2.5.1 (really anything less than 2.6.2) is unsafe. You can discuss your options with the community at this address.

I will likely begin disabling these scripts early next week. So if you have not yet updated, now is the time to be doing so.

Scott